openSUSE: 2020:2012-1 Important: Chromium Security Update Issues
opensuse
November 25, 2020
An update that fixes 23 vulnerabilities is now available.
An update that fixes 23 vulnerabilities is now available.
Description
This update for chromium fixes the following issues:
- Update to 87.0.4280.66 (boo#1178923)
- Wayland support by default
- CVE-2020-16018: Use after free in payments.
- CVE-2020-16019: Inappropriate implementation in filesystem.
- CVE-2020-16020: Inappropriate implementation in cryptohome.
- CVE-2020-16021: Race in ImageBurner.
- CVE-2020-16022: Insufficient policy enforcement in networking.
- CVE-2020-16015: Insufficient data validation in WASM. R
- CVE-2020-16014: Use after free in PPAPI.
- CVE-2020-16023: Use after free in WebCodecs.
- CVE-2020-16024: Heap buffer overflow in UI.
- CVE-2020-16025: Heap buffer overflow in clipboard.
- CVE-2020-16026: Use after free in WebRTC.
- CVE-2020-16027: Insufficient policy enforcement in developer tools. R
- CVE-2020-16028: Heap buffer overflow in WebRTC.
- CVE-2020-16029: Inappropriate implementation in PDFium.
- CVE-2020-16030:...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-2012=1
Package List
- openSUSE Backports SLE-15-SP2 (aarch64 x86_64):
chromedriver-87.0.4280.66-bp152.2.32.1
chromium-87.0.4280.66-bp152.2.32.1
References
https://www.suse.com/security/cve/CVE-2019-8075.html
https://www.suse.com/security/cve/CVE-2020-16012.html
https://www.suse.com/security/cve/CVE-2020-16014.html
https://www.suse.com/security/cve/CVE-2020-16015.html
https://www.suse.com/security/cve/CVE-2020-16018.html
https://www.suse.com/security/cve/CVE-2020-16019.html
https://www.suse.com/security/cve/CVE-2020-16020.html
https://www.suse.com/security/cve/CVE-2020-16021.html
https://www.suse.com/security/cve/CVE-2020-16022.html
https://www.suse.com/security/cve/CVE-2020-16023.html
https://www.suse.com/security/cve/CVE-2020-16024.html
https://www.suse.com/security/cve/CVE-2020-16025.html
https://www.suse.com/security/cve/CVE-2020-16026.html
https://www.suse.com/security/cve/CVE-2020-16027.html
https://www.suse.com/security/cve/CVE-2020-16028.html
https://www.suse.com/security/cve/CVE-2020-16029.html
https://www.suse.com/security/cve/CVE-2020-16030.html
https://www.suse.com/security/cve/CVE-2020-16031.html
https://www.suse.com/security/cve/CVE-2020-1603...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2020:2012-1
Rating: important
Affected Products:
openSUSE Backports SLE-15-SP2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!